Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) lets web pages make requests to a domain
other than the one from which the page was served; it allows JavaScript to
make requests across domain boundaries. Without CORS, this functionality is not
available and web pages can run into cross-domain issues when trying to retrieve files,
such as closed captions, from another domain.

All resources not hosted by Ooyala (video, audio, images, closed captions, css, js, etc.)
that are used with your HTML5-based playback must have the appropriate CORS headers configured. If your resources do
not follow the CORS standard, your player will not function correctly and may fail when
trying to access files across domains.

You must set up CORS enablement on the CDN that you use for content serving.
For information on how to enable CORS, see http://enable-cors.org/ or talk to your
hosting provider or vendor.

For example, due to the fact that the domain of a closed caption file could be different
than the page and/or the video tag itself, we set
crossorigin='anonymous' on the video tag. This causes any streamURL
that does not properly have the CORS header enabled to fail to load.

Note: These CORS prerequisites do not apply if you are using only Ooyala-hosted
content, as CORS is enabled for all Ooyala-hosted domains.